httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr James Smith <...@sanger.ac.uk>
Subject Re: [users@httpd] How to restart apache after reboot on ubuntu 16.04?
Date Wed, 17 Aug 2016 20:12:04 GMT
It may be possible to write your own auto-renewal script relatively 
easily for LetsEncrypt. I have done for Apache as (a) I don't use the 
standard paths and setup, (b) I wish to use HPKP on my servers for 
additional security and "Lets Encrypt" auto scripts generate a new key 
each time which breaks this (the signature changes and is unpredictable) 
- so my script generates a lets encrypt request with the appropriate key 
(either the same OR the backup key I've already generated) I now have a 
relatively simple script which reads my config file and generates keys 
accordingly if required (the only thing it doesn't do is restart the 
server for the new certificates to be read) but it does inform me this 
is happening. It shouldn't be to difficult for nginx to do similar




On 17/08/2016 20:23, R wrote:
> It seemed like the auto-renewal process for ssl from LetsEncrypt is 
> not supported yet for nginx, at least according to this article on its 
> publication date:
>
> https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
>
> My needs are really simple and I wanted to go with whichever would be 
> simpler to setup.
>
> On Wed, Aug 17, 2016 at 2:50 PM, Dr James Smith <js5@sanger.ac.uk 
> <mailto:js5@sanger.ac.uk>> wrote:
>
>     Depends on your backends - nginx is good if it is serving
>     primarily static files and or proxying back to quick responding
>     backends. It seems to be less well suited to slower/heavier
>     backends. Apache always seems to work - slower mind you - but
>     always seems to work... So if reliability is your requirement then
>     nginx may be a problem!
>
>
>
>     On 17/08/2016 19:41, Erik Dobák wrote:
>
>         why did not you use nginx anyway? should be faster and modern.
>         did not
>         have the chance to try that yet myself. still using apache
>         everywhere.
>
>         On 17 August 2016 at 03:18, R <bittransfer2000@gmail.com
>         <mailto:bittransfer2000@gmail.com>> wrote:
>
>             Ugh sorry, I had a test installation of nginx on the
>             machine, which was not
>             fully removed after doing "apt-get remove". Looks like it
>             would still start
>             up somehow. After I purged nginx, then apache2 started ok
>             after reboot.
>
>             Thanks
>
>             On Tue, Aug 16, 2016 at 8:57 PM, R
>             <bittransfer2000@gmail.com
>             <mailto:bittransfer2000@gmail.com>> wrote:
>
>                 Hi, this is everything from cat
>                 /var/log/apache2/error.log:
>
>                 [Mon Aug 15 13:42:17.138117 2016] [mpm_event:notice]
>                 [pid 26081:tid
>                 139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
>                 configured -- resuming
>                 normal operations
>                 [Mon Aug 15 13:42:17.138282 2016] [core:notice] [pid
>                 26081:tid
>                 139773925775232] AH00094: Command line:
>                 '/usr/sbin/apache2'
>                 [Mon Aug 15 14:55:14.003814 2016] [mpm_event:notice]
>                 [pid 26081:tid
>                 139773925775232] AH00493: SIGUSR1 received.  Doing
>                 graceful restart
>                 AH00112: Warning: DocumentRoot
>                 [/var/lib/letsencrypt/tls_sni_01_page/]
>                 does not exist
>                 AH00558: apache2: Could not reliably determine the
>                 server's fully
>                 qualified domain name, using 127.0.1.1. Set the
>                 'ServerName' directive
>                 globally to suppress this message
>                 [Mon Aug 15 14:55:14.054552 2016] [ssl:warn] [pid
>                 26081:tid
>                 139773925775232] AH01906:x:0 server certificate is a
>                 CA certificate
>                 (BasicConstraints: CA == TRUE !?)
>                 [Mon Aug 15 14:55:14.054736 2016] [mpm_event:notice]
>                 [pid 26081:tid
>                 139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
>                 OpenSSL/1.0.2g-fips
>                 configured -- resuming normal operations
>                 [Mon Aug 15 14:55:14.054747 2016] [core:notice] [pid
>                 26081:tid
>                 139773925775232] AH00094: Command line:
>                 '/usr/sbin/apache2'
>                 [Mon Aug 15 14:55:20.854353 2016 <tel:854353%202016>]
>                 [mpm_event:notice] [pid 26081:tid
>                 139773925775232] AH00493: SIGUSR1 received.  Doing
>                 graceful restart
>                 AH00558: apache2: Could not reliably determine the
>                 server's fully
>                 qualified domain name, using 127.0.1.1. Set the
>                 'ServerName' directive
>                 globally to suppress this message
>                 [Mon Aug 15 14:55:20.865056 2016] [mpm_event:notice]
>                 [pid 26081:tid
>                 139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
>                 configured -- resuming
>                 normal operations
>                 [Mon Aug 15 14:55:20.865076 2016] [core:notice] [pid
>                 26081:tid
>                 139773925775232] AH00094: Command line:
>                 '/usr/sbin/apache2'
>                 [Mon Aug 15 14:55:23.807722 2016 <tel:807722%202016>]
>                 [mpm_event:notice] [pid 26081:tid
>                 139773925775232] AH00493: SIGUSR1 received.  Doing
>                 graceful restart
>                 AH00558: apache2: Could not reliably determine the
>                 server's fully
>                 qualified domain name, using 127.0.1.1. Set the
>                 'ServerName' directive
>                 globally to suppress this message
>                 [Mon Aug 15 14:55:23.840209 2016] [mpm_event:notice]
>                 [pid 26081:tid
>                 139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
>                 OpenSSL/1.0.2g-fips
>                 configured -- resuming normal operations
>                 [Mon Aug 15 14:55:23.840217 2016] [core:notice] [pid
>                 26081:tid
>                 139773925775232] AH00094: Command line:
>                 '/usr/sbin/apache2'
>                 [Mon Aug 15 14:55:31.995008 2016] [mpm_event:notice]
>                 [pid 26081:tid
>                 139773925775232] AH00493: SIGUSR1 received.  Doing
>                 graceful restart
>                 AH00558: apache2: Could not reliably determine the
>                 server's fully
>                 qualified domain name, using 127.0.1.1. Set the
>                 'ServerName' directive
>                 globally to suppress this message
>                 [Mon Aug 15 14:55:32.023059 2016] [mpm_event:notice]
>                 [pid 26081:tid
>                 139773925775232] AH00489: Apache/2.4.18 (Ubuntu)
>                 OpenSSL/1.0.2g-fips
>                 configured -- resuming normal operations
>                 [Mon Aug 15 14:55:32.023076 2016] [core:notice] [pid
>                 26081:tid
>                 139773925775232] AH00094: Command line:
>                 '/usr/sbin/apache2'
>                 [Mon Aug 15 14:56:04.269625 2016 <tel:269625%202016>]
>                 [ssl:error] [pid 29903:tid
>                 139773645637376] [client 64.41.200.108:39890
>                 <http://64.41.200.108:39890>] AH02042: rejecting client
>                 initiated renegotiation
>                 [Mon Aug 15 18:40:58.774299 2016 <tel:774299%202016>]
>                 [ssl:error] [pid 29904:tid
>                 139773819877120] [client 64.41.200.105:34645
>                 <http://64.41.200.105:34645>] AH02042: rejecting client
>                 initiated renegotiation
>                 [Mon Aug 15 19:07:02.626527 2016 <tel:626527%202016>]
>                 [mpm_event:notice] [pid 26081:tid
>                 139773925775232] AH00491: caught SIGTERM, shutting down
>                 [Mon Aug 15 19:07:03.939317 2016 <tel:939317%202016>]
>                 [mpm_event:notice] [pid 2548:tid
>                 140489013651328] AH00489: Apache/2.4.18 (Ubuntu)
>                 mod_jk/1.2.41
>                 OpenSSL/1.0.2g-fips configured -- resuming normal
>                 operations
>                 [Mon Aug 15 19:07:03.939444 2016 <tel:939444%202016>]
>                 [core:notice] [pid 2548:tid
>                 140489013651328] AH00094: Command line:
>                 '/usr/sbin/apache2'
>                 [Mon Aug 15 19:13:44.445770 2016 <tel:445770%202016>]
>                 [mpm_event:notice] [pid 2548:tid
>                 140489013651328] AH00491: caught SIGTERM, shutting down
>                 [Mon Aug 15 19:13:45.265839 2016] [mpm_event:notice]
>                 [pid 2705:tid
>                 140547327522688] AH00489: Apache/2.4.18 (Ubuntu)
>                 mod_jk/1.2.41
>                 OpenSSL/1.0.2g-fips configured -- resuming normal
>                 operations
>                 [Mon Aug 15 19:13:45.265879 2016] [core:notice] [pid
>                 2705:tid
>                 140547327522688] AH00094: Command line:
>                 '/usr/sbin/apache2'
>                 [Tue Aug 16 20:12:44.384947 2016] [mpm_event:notice]
>                 [pid 2705:tid
>                 140547327522688] AH00491: caught SIGTERM, shutting down
>
>
>                 On Tue, Aug 16, 2016 at 6:46 PM, Rodrigo Cunha
>                 <rodrigo.root.rj@gmail.com
>                 <mailto:rodrigo.root.rj@gmail.com>>
>                 wrote:
>
>                     execute
>                     cat /var/log/apache2/error.log
>                     and post stdout
>
>                     2016-08-16 19:26 GMT-03:00 R
>                     <bittransfer2000@gmail.com
>                     <mailto:bittransfer2000@gmail.com>>:
>
>                         Hi,
>
>                         I've installed apache on my Ubuntu 16.04
>                         machine as follows:
>
>                              sudo apt-get install apache2
>
>                         and it works fine. It does not restart on its
>                         own though after a reboot.
>                         Are there other Ubuntu 16.04 users that have
>                         it restarting on reboot?
>
>                         Thanks
>
>
>
>
>                     --
>                     Atenciosamente,
>                     Rodrigo da Silva Cunha
>
>         ---------------------------------------------------------------------
>         To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>         <mailto:users-unsubscribe@httpd.apache.org>
>         For additional commands, e-mail: users-help@httpd.apache.org
>         <mailto:users-help@httpd.apache.org>
>
>
>
>
>     -- 
>     The Wellcome Trust Sanger Institute is operated by Genome Research
>     Limited, a charity registered in England with number 1021457 and a
>     company registered in England with number 2742969, whose
>     registered office is 215 Euston Road, London, NW1 2BE.
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     <mailto:users-unsubscribe@httpd.apache.org>
>     For additional commands, e-mail: users-help@httpd.apache.org
>     <mailto:users-help@httpd.apache.org>
>
>




-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 
Mime
View raw message